| From: | "Nauman Naeem" <nauman(dot)naeem(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | User privileges-verification required |
| Date: | 2006-02-24 13:25:13 |
| Message-ID: | 211765b50602240525j601a7b91o9f10030c9045e132@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello all,
While playing around with database users, I noticed one odd thing
regarding user privileges.
In case I have only one user in my database who is also the DBSystem
(who carries out initdb), user then if that user takes away his
"createuser" privileges, he is unable to grant himself that privilege
again or grant that privilege to any other user that he creates.This
creates quite a fix since you end up with no superusers, nor a way to
create any other superusers.
In my opinion we should cater for such a situation, and two possible
solutions come to my mind for this:
1. Place a restriction that there should be more than one superuser
before you can issue a "NOCREATEUSER" command.
2 Only the DBsystemuser should be allowed to grant and revoke the
"createuser" privileges.
Let me know what you all think.
Thanks,
Nauman
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2006-02-24 13:42:55 | Re: User privileges-verification required |
| Previous Message | Andrew Dunstan | 2006-02-24 13:06:43 | Re: AC_REPLACE_FUNCS([getaddrinfo]) in 8.1.3 |